What is an Index.dat file?

Index.dat files are hidden files on your computer that record many of the Web sites you have visited. Every URL and Web page is listed there. This script is for you if internet privacy is an issue, or if you're just curious to see what surfing habits people have on your PC or network. In WinXP, here's where you'll usually find them:

How do these scripts work?

IE.vbs and IE_Network.vbs allow you to find, scan, view and erase all local/remote history index.dat files. They also record precise URL visit time stamps. Scans are very fast and index.dat file parsing is done using 100% VBScript. Results are logged locally to C:\spy.htm or C:\Machine-MM-DD-YYYY.htm. For example:

It's free!

Yep, feel free to modify this script for whatever nefarious activities you like. It's amazing to see so many websites charging $24.95/$39.95 for bloated programs which basically function the same way as this script! If you like this script and it runs correctly, please feel free to email me. It'll give me a better idea on how it's functioning on your systems. Of course, any bugs can be tracked below in the message board section. Thanks!

Enjoy! (-_-)

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

Sure, but you have to admit that even the author didn't post his article here, someone else still using his own malicious codes to do the bad thing. The author just told us something might happen, and it also is the useful information for us to prevent something happening.

Make the bad troll go away! I personally am very thankful for your little project- I was looking for a way to check up on suspected *corporate* users, and being a non-profit, don't have a budget to buy stuff!

As far as the poster's asshat theory about privacy and such... In my environment, it doesn't apply- we own the systems and pay them for their time, Siberian; they get paid to work, not surf the news or shopping all day. And yes, we do have a firewall and content filter for objectionable content, but time wasting is still an issue. Employees are allowed to use their personal time (lunch-hours, etc...) to surf if they choose.

One datapoint: I develop/maintain an application which must read/write the history file (index.dat) for IE across SP1 and SP2. For whatever reason, there is a slight difference in file format between SP1 and SP2, such that copying the index.dat file created on a SP1 machine over to a SP2 machine will (sometimes) cause problems (e.g., URL entry displayed incorrectly). I ran across this sample code as I am searching for a solution for this problem, and therefore I personally did not entertain the idea that this code was created for the purpose of "spying". Two points I want to make are (IMHO) 1) samples like these are an enormous contribution and greatly serve the development community, and 2) one may often carry preconceived notions with regard to purpose, blind to contribution (whatever that means).

Yes, here in the west, on CIA day, all the hopeful parents bring their infant children to the public square where the Grand Inquisitor comes and selects their child for the Glorious Westerner's Army of Spies.

Only those infants with the slimiest and sneakiest auras are sifted from the masses for the grueling Nefariousness Aptitude Test.

But it is worth it, for the degree of respect and adoration given to those who will ultimately earn the title "Spy of the Western Hemisphere."

Surely they used to do something like this for the KGB? That is what we were taught in high school during the cold war.

------- But seriously... ------

Come on. Any software that helps make head or tails out of Microsoft's arcane file formats, which change without warning or documentation, is useful for the programming community.

Maybe you should just get a girlfriend... so you can maybe someday get married... and maybe have children...and maybe teach them how to use their own computers... and maybe then understand the ABSOLUTE NECESSITY of such things.

'Open the stream And get binary data from the object
Stream_BinaryToString = BinaryStream.ReadText
End Function
-----------------------------------------------------------------

I always get confused when talking about unicode, multibyte, etc.,....

*UPDATED* I've added a new script IE.vbs to the zip file. It now attempts to record a more precise time stamp of when a user actually visited a website.

----------------------------------------------------------
Hi,

Lately I've got some questions regarding displaying the date & TIME the user visited a website. Anyhow, the index.dat file does store this info in a 64-bit field. I think it's possible to extract that data and convert it to a date time. (Currently my scripts just display the date range)

"The moral of the story is to only follow links from the main website you wish to view."

Wrong. And your script proves it.

Want an example?
1) Open IE, type 'http://unknownservername.net/<script>alert('XSS');</script>' (without leading & ending quotes) in the address bar.
2) Run your script (which should display an HTML page including what you've just typed).

You'll see that a dialog box saying "XSS" is displayed without following any link at all...

This message appears when a Web page open on your computer tries to run a script or ActiveX control. Internet Explorer blocks the active content portion of the page but allows the rest of the Web page to open so you can see how it functions without the script or ActiveX control. Often, you will be able to view or use the Web page without using the active content. Because active content is a potential hazard to your computer, you should be certain that you trust the publisher of a script or ActiveX control before you decide to give it access to your computer.

If you are certain that you want to allow the page to run scripts and ActiveX controls on your computer, follow the steps below:

Click the Information Bar. Click Allow blocked content.

---------------------------------------------------------------------------
I guess one could add some kind of filter to parse out active content or if users are paranoid, just save the output file as SPY.TXT instead of SPY.HTM and open it with notepad.
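The filter suggested in the reply above, as an added example that is not part of the original IE.vbs or IE_Network.vbs: HTML-encode every string read from index.dat before it is written to the report, and only turn http/https/ftp URLs into links. The function names (HtmlEncode, IsLinkable, ReportRow) and the sample records are constructed for illustration.

```vbscript
Option Explicit

' Added example (hypothetical helper names): treat every string parsed from
' index.dat as untrusted data and encode it before it reaches the HTML report.

' Replace the five characters that can change HTML structure.
' "&" is handled first so the entities produced below are not re-encoded.
Function HtmlEncode(ByVal s)
    s = Replace(s, "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    s = Replace(s, "'", "&#39;")
    HtmlEncode = s
End Function

' Allowlist: only http, https and ftp URLs become clickable links.
' Any other scheme is written to the report as plain text.
Function IsLinkable(ByVal url)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^(https?|ftp)://"
    IsLinkable = re.Test(url)
End Function

' Build one table row; both the href attribute and the visible text are encoded.
Function ReportRow(ByVal visited, ByVal url)
    Dim cell
    cell = HtmlEncode(url)
    If IsLinkable(url) Then
        cell = "<a href=""" & cell & """>" & cell & "</a>"
    End If
    ReportRow = "<tr><td>" & HtmlEncode(visited) & "</td><td>" & cell & "</td></tr>"
End Function

' Constructed sample records; the second is the URL typed in the comment above.
Dim samples, i
samples = Array( _
    "http://www.example.com/index.html?a=1&b=2", _
    "http://unknownservername.net/<script>alert('XSS');</script>", _
    "file:///C:/Documents/report.doc")
For i = 0 To UBound(samples)
    WScript.Echo ReportRow("constructed-date", samples(i))
Next
```

Run with cscript.exe: the second row comes out with &lt;script&gt; as inert text, so opening the report no longer executes anything stored in the history file.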

The only cookies you need to remove are those that Spybot Search & Destroy identifies as trackable across multiple websites. Other cookies don't really mean anything. Also, it would help to reduce your IE cache from the normal 10% of hard drive space down to approx 20 megs, which is more than enough junk to keep on the hard drive.